Revision 692577bb
Added by jahoti about 2 years ago
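--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -2,6 +2,7 @@
 * Myext injecting policy to page using webRequest
 *
 * Copyright (C) 2021 Wojtek Kosior
+* Copyright (C) 2021 jahoti
 * Redistribution terms are gathered in the `copyright' file.
 */
 
@@ -12,7 +13,9 @@
 * IMPORT browser
 * IMPORT is_chrome
 * IMPORT gen_unique
+* IMPORT gen_nonce
 * IMPORT url_item
+* IMPORT url_extract_policy
 * IMPORT get_query_best
 * IMPORT csp_rule
 * IMPORTS_END
@@ -39,18 +42,46 @@
 return header.value === rule
 }
 
-function inject(details)
+function url_inject(details)
 {
-const url = url_item(details.url);
+const targets = url_extract_policy(details.url);
+if (targets.policy) {
+return;
+} else if (targets.signed) {
+/* Redirect; update policy */
+targets.target = targets.target2;
+delete targets.target2
+}
+
+let redirect_url = targets.base_url + targets.sig;
+let [pattern, settings] = query_best(targets.base_url);
+if (!pattern)
+/* Defaults */
+settings = {};
+
+const policy = {allow: settings.allow, nonce: gen_nonce()};
+
+redirect_url += encodeURIComponent(JSON.stringify(policy));
+if (targets.target)
+redirect_url += targets.target;
+if (targets.target2)
+redirect_url += targets.target2;
+
+return {redirectUrl: redirect_url};
+}
 
-const [pattern, settings] = query_best(url);
+function inject(details)
+{
+const targets = url_extract_policy(details.url);
+if (!targets.policy)
+/* Block unsigned requests */
+return {cancel: true};
 
-const nonce = gen_unique(url);
-const rule = csp_rule(nonce);
+const rule = csp_rule(targets.policy.nonce);
 
 var headers;
 
-if (settings !== undefined && settings.allow) {
+if (targets.policy.allow) {
 /*
 * Chrome doesn't have the buggy behavior of repeatedly injecting a
 * header we injected once. Firefox does and we have to remove it there.
@@ -80,6 +111,15 @@
 if (is_chrome)
 extra_opts.push("extraHeaders");
 
+browser.webRequest.onBeforeRequest.addListener(
+url_inject,
+{
+urls: ["<all_urls>"],
+types: ["main_frame", "sub_frame"]
+},
+["blocking"]
+);
+
 browser.webRequest.onHeadersReceived.addListener(
 inject,
 {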
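Review bot: In `inject` (new lines 75-84) both the decision to skip the CSP header, `if (targets.policy.allow)`, and the nonce passed to `csp_rule(targets.policy.nonce)` are now read from data carried in the request URL, so script blocking is only as strong as the signature check inside `url_extract_policy`, which this file does not show. `url_inject` also returns early on `if (targets.policy)`, so a URL that already carries a policy is passed through without the policy being regenerated from `query_best`. I would document the invariant above `inject`, for example `/* targets.policy is set only when the signature over base_url and the policy JSON has been verified */`, and confirm in `url_extract_policy` that the signature covers both values and is bound to a key the page cannot learn, so a signed `allow` policy cannot be reused for another URL or a later session. Since the nonce now travels in the URL, a short comment on why its exposure there is acceptable would also help. The body of `inject` continues past the end of this hunk.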
Use URL-based policy smuggling
Increase the power of URL-based smuggling by making it (effectively)
compulsory in all cases and adapting a structure. While the details still need to be worked out, the
potential for future expansion is there.